From 53ea5da29f7620b5fb142e492db86372b97bebd9 Mon Sep 17 00:00:00 2001
From: Yuan Tang
Date: Wed, 22 Mar 2023 23:52:10 -0400
Subject: [PATCH] Revert "Fixes #10234 - Postgres SSL Certificate fix" (#10736)
---
 Dockerfile | 2 --
 config/config.go | 15 ++-------------
 persist/sqldb/sqldb.go | 39 ++-------------------------------------
 3 files changed, 4 insertions(+), 52 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 042be7d5b028..d5b141d67390 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -91,8 +91,6 @@ FROM gcr.io/distroless/static as workflow-controller
 USER 8737
-WORKDIR /home/argo
-
 COPY hack/ssh_known_hosts /etc/ssh/
 COPY hack/nsswitch.conf /etc/
 COPY --chown=8737 --from=workflow-controller-build /go/src/github.com/argoproj/argo-workflows/dist/workflow-controller /bin/
diff --git a/config/config.go b/config/config.go
index be4a4a9ddc7f..ec970f0286aa 100644
--- a/config/config.go
+++ b/config/config.go
@@ -235,19 +235,8 @@ func (c DatabaseConfig) GetHostname() string {
 type PostgreSQLConfig struct {
 DatabaseConfig
- SSL bool `json:"ssl,omitempty"`
- SSLMode string `json:"sslMode,omitempty"`
- CaCertSecret apiv1.SecretKeySelector `json:"caCertSecret,omitempty"`
- ClientCertSecret apiv1.SecretKeySelector `json:"clientCertSecret,omitempty"`
- ClientKeySecret apiv1.SecretKeySelector `json:"clientKeySecret,omitempty"`
- CertPath string `json:"certPath"`
-}
-
-func (c PostgreSQLConfig) GetPGCertPath() string {
- if c.CertPath != "" {
- return c.CertPath
- }
- return "/home/argo/pgcerts"
+ SSL bool `json:"ssl,omitempty"`
+ SSLMode string `json:"sslMode,omitempty"`
 }
 type MySQLConfig struct {
diff --git a/persist/sqldb/sqldb.go b/persist/sqldb/sqldb.go
index 39f911d58200..b51f4e0703e4 100644
--- a/persist/sqldb/sqldb.go
+++ b/persist/sqldb/sqldb.go
@@ -3,7 +3,6 @@ package sqldb
 import (
 "context"
 "fmt"
- "os"
 "time"
 "k8s.io/client-go/kubernetes"
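Review bot: `SSL` and `SSLMode` on `PostgreSQLConfig` are left without doc comments, and how the two fields interact cannot be read from the struct alone. The sqldb.go hunk of this patch reads `SSLMode` only inside `if cfg.SSL`, so the mode is ignored when `SSL` is false, and with the certificate fields removed this struct no longer carries a CA or client certificate. I would add `// SSLMode is passed to the driver as "sslmode" and is only read when SSL is true.` above the field, and name in the same comment the modes operators are expected to use, since a mode that encrypts without verifying the server certificate does not authenticate the database.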
@@ -54,43 +53,9 @@ func CreatePostGresDBSession(kubectlConfig kubernetes.Interface, namespace strin
 }
 if cfg.SSL {
- if cfg.SSLMode != "" && cfg.SSLMode != "disable" {
- err := os.MkdirAll(cfg.GetPGCertPath(), 0700)
- if err != nil {
- return nil, "", err
- }
- rootCertByte, err := util.GetSecrets(ctx, kubectlConfig, namespace, cfg.CaCertSecret.Name, cfg.CaCertSecret.Key)
- if err != nil {
- return nil, "", err
- }
- err = os.WriteFile(cfg.GetPGCertPath()+"/ca.crt", rootCertByte, 0600)
- if err != nil {
- return nil, "", err
- }
-
- serverCertByte, err := util.GetSecrets(ctx, kubectlConfig, namespace, cfg.ClientCertSecret.Name, cfg.ClientCertSecret.Key)
- if err != nil {
- return nil, "", err
- }
- err = os.WriteFile(cfg.GetPGCertPath()+"/tls.crt", serverCertByte, 0600)
- if err != nil {
- return nil, "", err
- }
-
- serverKeyByte, err := util.GetSecrets(ctx, kubectlConfig, namespace, cfg.ClientKeySecret.Name, cfg.ClientKeySecret.Key)
- if err != nil {
- return nil, "", err
- }
- err = os.WriteFile(cfg.GetPGCertPath()+"/tls.key", serverKeyByte, 0400)
- if err != nil {
- return nil, "", err
- }
-
+ if cfg.SSLMode != "" {
 options := map[string]string{
- "sslmode": cfg.SSLMode,
- "sslrootcert": cfg.GetPGCertPath() + "/ca.crt",
- "sslkey": cfg.GetPGCertPath() + "/tls.key",
- "sslcert": cfg.GetPGCertPath() + "/tls.crt",
+ "sslmode": cfg.SSLMode,
 }
 settings.Options = options
 }
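Review bot: With the `!= "disable"` test gone from the inner condition, `ssl: true` combined with `sslMode: disable` now forwards `sslmode=disable` to the driver, so a configuration that asks for SSL ends up on a plaintext connection without any error. Rejecting that combination before the options map is built would surface the misconfiguration, e.g. `if cfg.SSLMode == "disable" { return nil, "", fmt.Errorf("ssl is enabled but sslMode is %q", cfg.SSLMode) }`. When `SSL` is true and `SSLMode` is empty no option is set at all and the driver's own default mode applies, which deserves a comment on the outer `if cfg.SSL`. The body of CreatePostGresDBSession starts and ends outside this hunk.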